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(54) Comniunication network system, gateway, data communication method and program 
providing medium 



(57) Tliis Invention relates to provide a communica- 
tion network system, a gateway, and a data communis 
cation metliod, in which the gateway has an advanced 
functionality. A person who issues an access request 
can retrieve a desired access destination easily by the 
following configuration: functions of routing Infomiation 
providing and authentication processing are added to a 
gateway that.performs protocol conversion between 



two different communication networks: when an access 
request is issued from a public communication network 
such as Intemet to a terminal in a local (private) com- 
munication network connected to the gateway, a re- 
quest terminal is authenticated to enable prevention of 
unauthorized data writing and reading; and an access 
request user who succeeded In the authentication is 
provided with an active terminal list comprising acces- 
sible temninal information, or with a user condition table. 
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Description 

BACKGROUND OF THE INVENTION 

[0001] The present invention relates to a communica- 
tion network system, a gateway, a data communication 
method, and a program providing medium, more specif- 
ically, to a communication network system, a gateway, 
a data communication method, and a program providing 
medium, which enable data communication having ad- 
vanced functionality by adding functions of routing infor- 
mation providing processing and authentication 
processing to a gateway that perfomns communication 
protocol conversion between a public communication 
network and a private communication network such as 
LAN. 

[0002] A gateway Is used as a device that enables In- 
terconnection between a public communication network 
such as Internet and telephone line and a private com- 
munication network such as LAN. The gateway provides 
mutual communication by perfomning communication 
protocol conversion between the public communication 
network and the private communication network. The 
gateway is also used in mutual protocol conversion be- 
tween LANs (Local Area Network) that are constructed 
as private communication networks. A typical example 
of LANs Is Ether-net, which provides connections of two 
or more communication temninals including personal 
computers on a single cable. As a method for avoiding 
a collision of packets transmitted and received on two 
or more computers, and the like, CSMA/CD (Carrier 
Sense Multiple Access/Collision Detection) Is adopted. 
[0003] As conventionally known connection devices 
for communication networks, for example, there are a 
modem unit that performs digital-to-analog conversion 
to connect an analogue telephone to a digital line, a hub 
that perfomfis connection processing at the physical lay- 
er level of OSI layers, a repeater, a bridge that performs 
processing at the data link layer level of OSI layers, a 
router that perfonns processing of the network layer of 
OSI layers, and the like. Main functions of the repeater 
are amplification processing and distortion restoring 
processing to restore a signal level attenuated in the 
process of transmission. The bridge has a function of 
performing filtering processing for checking a source 
(originator) address and a destination (recipient) ad- 
dress, which are managed by the data link layer, to de- 
termine whether or not a packet is to be transmitted. The 
router has a function of relaying and exchanging pack- 
ets according to protocol definition of the network layer. 
The gateway has an overall exchange function that is 
adaptable to OSI layers from the first to the seventh lay- 
er, that Is to say, from the physical layerto the application 
layer. The gateway, therefore, provides connection be- 
tween different networks. 

[0004] However, because the various kinds of com- 
munication network connection devices described 
above are devised to provide only mutual communica- 



tion with a network having a different protocol ^giere is 
no communication network connection device ^gat has 
an application involved in processing with advanced 
functionality including functions of routing information 
providing processing and authentication processing for 
various kinds of terminals such as personal computers 
connected to a network. 

SUMMARY OF THE INVENTION 
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[0005] An object of the present Invention is to provide 
a communication network system, a gateway, a data 
communication method, and a program providing medi- 
um, which enable communication having advanced 

15 functionality by adding functions of routing information 
providing processing and authentication processing to 
a gateway in a network configuration, such as Ether-net, 
in which communication-capable terminals Including 
two or more personal computers, audio devices, and 

20 video devices are connected. 

[0006] According to a first aspect of the present inven- 
tion, there is provided a communication networi< system 
characterized In that communication between two com- 
munication networks Is made possible by involving a 

25 gateway for perfomiing communication protocol conver- 
sion between the two communication networks commu- 
nicating according to different protocols; the communi- 
cation network system has a configuration in which the 
gateway receives a request to access a terminal or a 

30 registered user in a local communication network con- 
nected to the gateway from an outside communication 
network; and the gateway selects accessible terminals 
from temninals or registered user terminals in the local 
communication network connected to the gateway, gen- 

35 erates an active terminal list and then transmits the ac- 
tive temninal list to a request temninal that has pert omned 
the access request. 

[0007] In addition, in an embodiment of the commu- 
nication network system according to the present inven- 

40 tion, the communication network system is character- 
ized in that the gateway generates a user condition table 
as the active temninal list which registers routing Infor- 
mation that enables communication with registered us- 
ers; and the gateway provides the request temninal with 

45 the registered users* routing Information In the user con- 
dition table. 

[0008] In addition, in an embodiment of the commu- 
nication network system according to the present inven- 
tion, the communication network system is character- 

50 ized In that the gateway receives device unique infor- 
mation as specific infomnation from a terminal in the lo- 
cal communication network connected to the gateway 
and from an unconnected terminal including mobile tel- 
ephones; and the gateway extracts terminals having ap- 

55 propriate unique Information from registered device da- 
ta in a home gateway, and makes a table of routing in- 
formation of the extracted temninals to generate the ac- 
tive terminal list. 
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[0009] In addition, in an embodiment of the commu- 
nication network system according to the present inven- 
tion, the communication network system is character- 
ized in that the gateway provides only specific users with 
accessible terminal information by performing authenti- 
cation processing for the request terminal or the request 
user that issued the access request. 
[0010] In addition, In an embodiment of the commu- 
nication network system according to the present inven- 
tion, the communication network system is character- 
ized in that the gateway has setting information speci- 
fying a range of access right for each request terminal 
or each request user that issued the access request; 
and based on tenninal or user Information obtained by 
the authentication processing for the request terminal 
or the request user, the gateway provides access des- 
tination information with restriction according to the set- 
ting information. 

[0011] In addition, in an embodiment of the commu- 
nication network system according to the present inven- 
tion, the communication network system Is character- 
ized In that the gateway keeps a log of access requests 
from retrieving users having no access right as an ac- 
cess history and transmits the access history to regis- 
tered users. 

[0012] In addition, according to a second aspect of the 
present Invention, there Is provided a gateway, In which 
communication protocol conversion between two com- 
munication networks communicating according to differ- 
ent protocols is perfonned; the gateway has a configu- 
ration In which the gateway receives a request to access 
a tenninal or a registered user In a local communication 
network connected to the gateway from an outside com- 
munication network; and the gateway selects accessi- 
ble terminals from tennlnals or registered usertemiinals 
In the local communication network connected to the 
gateway, generates an active terminal list, and then 
transmits the active tenninal list to a request terminal 
that has perfonned the access request. 
[0013] In addition, In an embodiment of the gateway 
according to the present invention, the gateway Is char- 
acterized In that the gateway generates a user condition 
table as the active tenninal list which registers routing 
infonnation that enables communication with registered 
users; and the gateway provides the request terminal 
with the registered users' routing Information in the user 
condition table. 

[0014] In addition, in an embodiment of the gateway 
according to the present invention, the gateway Is char- 
acterized In that the gateway receives device unique in- 
fonnation as specific information from a terminals In the 
local communication network connected to the gateway, 
and from an unconnected terminal including mobile tel- 
ephones; and the gateway extracts terminals having ap- 
propriate unique information from registered device da- 
ta in a home gateway, and makes a table of routing in- 
fonnation of the extracted tenninals to generate the ac- 
tive tenninal list. 



[0015] In addition, in an embodiment of the gateway 
according to the present Invention, the gateway Is char- 
acterized in that the gateway provides only specific us- 
ers with accessible tenninal information by perfonning 

5 authentication processing for the request terminal orthe 
request user that issued the access request. 
[0016] In addition, in an embodiment of the gateway 
according to the present invention, the gateway is char- 
acterized In that the gateway has setting Information 

10 specifying a range of access right for each request ter- 
minal or each request user that Issued the access re- 
quest; and based on tenninal or user Information ob- 
tained by the authentication processing for the request 
terminal or the request user, the gateway provides ac- 

15 cess destination information with restriction according 
to the sening information. 

[0017] In addition, in an embodiment of the gateway 
according to the present Invention, the gateway Is char- 
acterized In that the gateway keeps a log of access re- 
20 quests from retrieving users having no access right as 
an access history and transmits the access history to 
registered users. 

[0018] In addition, according to a third aspect of the 
present invention, there is provided a data communica- 

25 tion method In a communication network system, in 
which communication between two communication net- 
works Is made possible by Involving a gateway for per- 
forming communication protocol conversion between 
the two communication networks communicating ac- 

30 cording to different protocols; and the data communica- 
tion method comprises a request receiving step for re- 
ceiving a request to access a terminal or a registered 
user in a local communication network connected to the 
gateway from an outside communication network; a list 

35 generation step for selecting accessible terminals from 
terminals or registered user terminals in the local com- 
munication network connected to the gateway to gener- 
ate an active tenninal list; and a list transmission step 
for transmitting the active terminal list to a request ter- 

40 minal that has perfonned the access request. 

[0019] In addition, In an embodiment of the data com- 
munication method according to the present invention, 
the data communication method is characterized in that 
the list generation step Is a step for generating a user 

45 condition table which registers routing Information that 
enables communication with registered users; and the 
list transmission step is a step for transmitting the reg- 
istered users' routing Information In the user condition 
table to the request terminal. 

50 [0020] In addition, In an embodiment of the data com- 
munication method according to the present invention, 
the data communication method is characterized In that 
the list generation step receives device unique informa- 
tion as specific infomnation from, a terminal in the local 

55 communication network connected to the gateway and 
from an unconnected terminal Including mobile tele- 
phones; and the list generation step extracts terminals 
having appropriate unique information from registered 
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device data in a home gateway, and generates routing 
information of the extracted terminals by listing them. 
[0021] In addition, in an embodiment of the data com- 
munication method according to the present invention, 
the data communication method is characterized in that 5 
the list generation step receives device unique informa- 
tion as specific information from a terminal in the local 
communication network connected to the gateway and 
from an unconnected terminal including mobile tele- 
phones; and the list generation step extracts terminals io 
having appropriate unique information from registered 
device data in a home gateway, and generates routing 
infonnation of the extracted tenninals by listing them. 
[0022] In addition, in an embodiment of the data com- 
munication method according to the present invention, ^5 
the data communication method is characterized in that 
the gateway generates setting information specifying a 
range of access right for each request terminal or each 
request user that issued the access request; and based 
on tenninal or user information obtained by the authen- 20 
tication processing for the request temninal or the re- 
quest user, the gateway provides access destination in- 
formation with restriction according to the setting infor- 
mation. 

[0023] In addition, in an embodiment of the data com- 25 
munication method according to the present invention, 
the data communication method is characterized in that 
a log of access requests from request terminals or re- 
quest users that have no access right is kept as an ac- 
cess history, and the access history is transmitted to reg- so 
istered users. 

[0024] In addition, according to a fourth aspect of the 
present invention, there is provided a program providing 
medium, In which the medium provides a computer pro- 
gram for executing, on a computer system, data com- 35 
munication processing in a communication network sys- 
tem that enables communication between two commu- 
nication networks by involving a gateway for performing 
communication protocol conversion between the two 
communication networks communicating according to 40 
different protocols; and the program providing medium 
has a configuration in which the computer program com- 
prises a request receiving step for receiving a request 
to access a terminal or a registered user in a local conv 
munication network connected to the gateway from an 45 
outside communication network; a list generation step 
for selecting accessible terminals from terminals or reg- 
istered user terminals in the local communication net- 
work connected to the gateway to generate an active 
tenninal list; and a list transmission step for transmitting so 
the active terminal list to a request tenninal that has per- 
formed the access request. 

[0025] The program providing medium relating to the 
fourth aspect of the present invention is medium that 
provides a computer program in a computer-readable 55 
format for general-purpose computer systems capable 
of executing various program codes. There is no limit 
on a form of the medium. It may be storage medium such 
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as CD, FD. and MO, or transmission mediurr^^guch as 
network, or the like. CS5 
[0026] Such program providing medium specifies 
structurally and functionally synergistic relationship be- 
tween the computer program and the medium for pro- 
viding In orderto realize a given function of the computer 
program on the computer system. In otherwords, install- 
ing the computer program to the computer system 
through the medium for providing causes synergistic 
functionality to effect, and thereby similar effects to 
those of the other aspects of the present invention can 
be obtained. 

[0027] Further objects, characteristics, and advantag- 
es of the present invention will become apparent by 
more detailed description based on the following em- 
bodiments of the present invention and the attached 
drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0028] I 

FIG. 1 is a diagram illustrating an outline of a com- 
munication network system to which a configuration 
according to the present invention is applied; 
FIG. 2 is a block diagram illustrating a hardware 
configuration of a gateway according to the present 
invention; 

FIG. 3 is a diagram illustrating a software configu- 
ration of a gateway according to the present Inven- 
tion; 

FIG. 4 is an explanatory diagram illustrating a back- 
up function (example 1) of a gateway in a commu- 
nication networi< system according to the present 
invention; 

FIG. 5 is an explanatory diagram illustrating a back- 
up function (example 2) of a gateway in a commu- 
nication network system according to the present 
invention; 

FIG. 6 is a diagram illustrating asequence of license 
confirmation processing of a gateway in a commu- ) 
nication network system according to the present 
Invention; 

FIG. 7 is a diagram illustrating a sequence of data 
download from an outside temninal to an internal ter- 
minal via a gateway In a communication network 
system according to the present Invention; 
FIG. 8 is a diagram illustrating access-right confir- 
mation processing for data download from an out- 
side temninal to an internal tenninal via a gateway 
in a communication network system according to 
the present invention; 

FIG. 9 is a diagram illustrating processing environ- 
ment of data upload from an outside tenninal to an 
internal temninal via a gateway in a communication 
network system according to the present invention; 
FIG. 10 is a diagram illustrating a sequence of data 
upload from an outside terminal to an internal ter- 
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minal via a gateway in a communication network 
systenn according to the present invention; 
FIG. 11 is an explanatory diagram illustrating an 
outline of user communication-destination retriev- 
ing-processing using a gateway in a communication 
network system according to the present invention; 
and 

FIG. 12 is a diagram illustrating a processing se- 
quence of user communication-destination retriev- 
ing-processing using a gateway in a communication 
network system according to the present invention. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[Outline of System] 

[0029] FIG. 1 Is a configuration diagram to which a 
communication network system, a gateway, a data com- 
munication method according to the present invention 
can be applied. In FIG. 1 , a home gateway 10 is con- 
nected between a public communication network (for 
example, such as a general telephone line, a cable tel- 
evision, and ISDN) and a private communication net- 
work (such as LAN (Local Area Network), and Ether- 
net) that is in confomriity with TCP/IP (Transmission 
Control Protocol/Internet Protocol). The home gateway 

10 perfomns communication protocol conversions on 
both sides. 

[0030] A personal computer 11 , an audio device 12, 
a video device 13, and a settop box 14 as various ter- 
minal devices capable of communicating via LAN are 
connected to the LAN as a private communication net- 
work connected to the home gateway 1 0. A home gate- 
way 10 uses Internet, which Is connected through the 
public communication network, as a communication 
medium. In addition, the home gateway 11 is connected 
to a wireless public communication network using for ex- 
ample CDMA (Code Division Multiple Access) method, 
or connected to a remote office LAN. The home gateway 

1 1 has a configuration that is capable of data communi- 
cation with mobile telephone 15 via Internet and the 
wireless public communication network and that is ca- 
pable of data communication with in-house personal 
computers 16.17 via Internet and the office LAN. Fire- 
wall 18, which Is configured with for example a proxy 
server, is placed between the office LAN and Internet 
The firewall 1 8 is configured to guard against an unau- 
thorized access to the office LAN from outside. 
[0031] In the communication network system as 
shown in FIG. 1 , the home gateway 1 0 is conventionally 
configured only to perfonn protocol conversion between 
the public communication network (for example, such 
as cable television and ISDN) and the private commu- 
nication network such as LAN. The home gateway 10 
accordi ng to the present invention has not only the com- 
munication protocol conversion function but also data 
accumulation means for accumulating data required for 



various data processing (that are executed by various 
devices connected to LAN, for example, the personal 
computer 11 , the audio device 12, the video device 13. 
and the settop box 14 as shown in FIG. 1) or for accu- 

5 mulating processed data generated by the processing. 
[0032] FIG. 2 is a configuration block diagram illus- 
trating the home gateway 1 0 in the system according to 
the present invention. The home gateway 10 mainly 
comprises private network physical interface 101 , CPU 

10 102, public network physical interface 103, memory 
104, and accumulation means 105. As regards the pri- 
vate network physical interface 101, for example. If 
Ether-net is used as a private communication network, 
the private network physical interface 1 01 is configured 

15 to have a bridge function or a router function. If various 
wireless communication methods (such as l-Link; or 
wireless-LAN, Blue Tooth. Home-RF, or the like) are 
used, the private network physical interface 1 01 is con- 
figured to be an interface that is adaptable to each com- 

20 munication method. 

[0033] The public network physical interface 103 is 
configured to be an interface having a bridge function 
that is adaptable to a signaling method of the public 
communication network. For example, If an ordinary tel- 

25 ephone line is used as the public network, the public net- 
work physical interface 1 03 is configured to be a modem 
function interface. If a cable television line is used as 
the public network, it is configured to be a cable modem 
function interface. If WLL (Wireless Local Loop) is used, 

30 it is configured to be WLL modem function interface. The 
home gateway 10 performs protocol conversion be- 
tween the public network physical interface 1 03 and the 
private network physical interface 101. Specifically, for 
example, if the public communication network is ISDN 

35 and the private communication network uses TCP/IP 
protocol, the home gateway 10 perfomns conversion 
processing from ISDN communication protocol to TCP/ 
IP protocol, or performs back conversion processing. 
The CPU 1 02 provides a calculation function of perfomn- 

40 ing the processing. The memory 104 comprising RAM, 
ROM, and the like is used for storing a processing pro- 
gram and for storing data when executing a program. 
[0034] The home gateway 1 0 in the system according 
to the present invention further includes the data accu- 

45 mulation means 1 05. The data accumulation means 1 05 
is data accumulation means for performing unified con- 
trol of data that will be processed or has been processed 
in various temninals (for example, the personal compu- 
ter 1 1 , the audio device 1 2, the video device 1 3, and the 

50 settop box 14 as shown in FIG. 1), which are capable of 
transmitting data and connected to the private commu- 
nication network via the home gateway 1 0. The data ac- 
cumulation means 105 is also mass data accumulation 
means for storing internal data of the terminals connect- 

55 ed to the private network. Specifically, the data accumu- 
lation means 105 is configured with a hard disk, CD-R, 
DVD, or the like. The system according to the present 
invention has a configuration in which the personal com- 
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puter 11, the audio device 12, the video device 13, the 
settop box 14, and the like can store and read data in 
the accumulation means 105 of the home gateway 10. 
[0035] FIG. 3 shows a software block of the home 
gateway 10 in the system according to the present in- 
vention. As shown in FIG. 3, the software block com- 
prises an operating system (OS) for controlling overall 
processing, device drivers for performing Input and out- 
put controls of various devices including storage means 
for the OS, a public network application interface that 
functions as an interface of network processing per- 
formed via the public network physical interface 103, a 
private network application interface that functions as 
an interface of network processing performed via the pri- 
vate network physical interface 101, and various appli- 
cation interlaces that perform processing for the accu- 
mulation means 105 peculiar to the system of the 
present invention. In the top layer, a license engine, a 
retrieval engine, an authentication engine, a registration 
engine, and a data processing engine are configured as 
various processing engines peculiar to the system ac- 
cording to the present invention. 

[0036] The following describes operations of the 
home gateway which has the hardware configuration 
shown in FIG. 2 and the software configuration shown 
in FIG. 3, according to the present invention. 

[Backup Function] 

[0037] First, a backup processing function that uses 
the accumulation means 105 of the home gateway 10 
according to the present invention is described. FIG. 4 
is a diagram illustrating an outline of backup processing. 
A configuration in FIG. 4 shows the home gateway 10 
and the personal computer 11 connected to the private 
communication network (ex. a home network) as LAN 
such as Ether-net. In FIG. 4, the persona! computer 11 
is shown as a device that is representative of connection 
devices for the private communication network. As 
shown In FIG. 1 , however, the device may be the audio 
device 12, the video device 13, the settop box 14, or the 
other devices. 

[0038] In FIG. 4, the personal computer 11 stores var- 
ious programs, data, and the like in local disk 112 such 
as a hard disk built in the personal computer. On the 
other hand, the storage means 105 is also configured 
to store the same data as the stored data In the local 
disk 112 of the personal computer 11 as backup data. 
[0039] Backup processing may be performed auto- 
matically or performed at user's will by taking the Initia- 
tive. As an automatic backup method, a method that us- 
es directory duplexing is available. In the example of 
FIG. 4, by keeping a directory in the storage means 1 05 
of the home gateway 1 0 same as a directory in the local 
disk 1 1 2 of the personal computer 1 1 as a duplexed con- 
figuration, data to be stored in the local disk 112 can be 
automatically stored in the storage means 105 of the 
home gateway 10. An initiative processing can be per- 



formed, for example, by specifying the storagg^eans 
105 of the home gateway 10 as a data storing^destina- 
tlon only for data for which backup processing is re- 
quired according to user's judgment. Instead of the per- 

5 sonal computer 1 1 , even in the case of the audio device 
12, the video device 13, or the like, it is possible to per- 
form the processing described above in a similar man- 
ner. For example, audio data, image data, and the like 
can be stored as backup data in the storage means 1 05 

10 of the home gateway 10. If the audio device 12 or the 
video device 13 does not have such control function in 
itself, it can be configured to perform the processing 
through the personal computer 11 connected to the 
same private communication network. 

15 [0040] The example shown in FIG. 4 is a configuration 
in which all data are backed up in the storage means 
105 of the home gateway 10. As shown in FIG. 5, how- 
ever, it is possible to have a configuration in which only 
boot data is stored in the local disk 112 of the personal 

20 computer 11 and program data and user data are stored 
in the storage means 105 of the home gateway 10. In 
the configuration shown in FIG. 5, the local disk 112 of 
the personal computer 1 1 stores only boot program, and 
the storage means 1 05 of the home gateway 1 0 stores 

25 all of application programs, user data, and the like. If the 
storage means 105 is configured as a mass storage 
means having two or more disk drives, for example, It is 
possible to store programs and processing data of two 
or more personal computers even when two or more 

30 personal computers are connected to the private com- 
munication network. 

[0041 ] Not only configurations as shown in FIG. 4 and 

FIG. 5, it is also possible to have a configuration In which 
the accumulation means 105 of the home gateway 10 

35 accumulates, or backs up and stores documents and 
the like, created by users using the personal computer 
11 , and the local disk 112 of the personal computer 11 
stores application programs, OS, and the like. 
[0042] TTius, by having the configuration in which the 

40 home gateway 10 comprises the accumulation means 
105 that backs up and stores processing programs and 
processing data of the personal computer 1 1 and the 
other audio devices connected to the private communi- 
cation network, even if the local disk 1 1 2 of the personal 

45 computer 11 is broken and as a result becomes Inac- 
cessible for example, the program or the data can be 
acquired from the accumulation means 1 05 of the home 
gateway 10. In addition, it is recommended that the ac- 
cumulation means 105 of the home gateway 10 is con- 

so figured with a mass accumulation means capable of 
storing two or more drives and further with a removable 
type allowing a new disk to be inserted to increase the 
capacity. 

[0043] In the backup configuration using the accumu- 
55 lation means 1 05 in the home gateway 1 0. if two or more 
devices, for example, two or more personal computers 
are connected to the private communication network, 
processing of determining a personal computer in which 
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backup data originates is required. For example, if a 
specific application program is stored as backup data in 
the accumulation means 105 of the home gateway 10, 
allowing two or more personal computers to load this 
program freely causes a license problem. 
[0044] For the purpose of solving such problem, the 
home gateway Is configured to have a license engine 
so that license confirmation Is performed before down- 
loading the backup data to terminals such as personal 
computers. 

[0045] FIG. 6 shows a processing sequence when 
program data is downloaded from a home gateway to a 
personal computer as a device connected to a private 
communication network. The following describes the 
sequence in FIG. 6. First, when the personal computer 
stores the program data in the home gateway, the per- 
sonal computer transmits a license number of the pro- 
gram data and a unique value of the personal computer 
(for example, a unique data that is not rewritable such 
as a unique value obtainable from CPU of the personal 
computer, a serial number of the personal computer, 
and a production number) to the home gateway. 
[0046] The license engine of the home gateway re- 
ceives the license number and the unique value and reg- 
isters them in a registration license table. In this connec- 
tion, if one license number allows two or more devices 
to use the program data according to the license type, 
unique values of two or more personal computers are 
associated with one license number before the license 
number and the unique values are registered in the ta- 
ble. 

[0047] After registering them, when a data restoring 
request, that is to say, a download request of the pro- 
gram data is output from the personal computer to the 
home gateway, the home gateway performs processing 
of detecting licensed software and then requests the 
personal computer to receive input of a license number. 
[0048] On the personal computer side, after a license 
number is input, the license number is transmitted to the 
home gateway with the unique value of PC. The home 
gateway perfomns matching processing to check wheth- 
er or not the license number and the unique value that 
have been received match the registered data. If 
matched data is not found, the home gateway notifies 
the personal computer that restoring is not allowed, in 
other words, download of the requested program data 
is rejected. If matched data is found in the table, the 
home gateway notifies the personal computer that re- 
storing is allowed, in other words, download of the re- 
quested program data is allowed. Then, the home gate- 
way transmits the data. 

[0049] The example described above is an example 
of access to the accumulation means of the home gate- 
way from a terminal connected to the private communi- 
cation network. The access to the accumulation means 
of the home gateway may be allowed not only from the 
terminal within the private communication network but 
also via an outside public communication network. In 



this case, in order to have a configuration in which only 
an access request from a specific user or a specific de- 
vice is responded to, the home gateway is configured to 
have a registration table for registering user identifica- 

5 tion values or for registering device identification values. 
Using this configuration, when the home gateway re- 
ceives an access request for accessing the data accu- 
mulation means from outside other than the private 
communication network, for example, a mobile tele- 

10 phone or the like, the home gateway can receive a user 
identification value of an access request userora device 
identification value from the mobile telephone, retrieve 
the registration table according to the received user 
identification value or the received device identification 

15 value to determine an access right, and allow or reject 
access according to the detemnination. In this connec- 
tion, the home gateway is configured to have IP ad- 
dress, and PPP server function to enable accesses from 
various kinds of terminals. 

20 

[Data download to an outside temninal via the home 
gateway] 

[0050] Next, processing when transferring data via 
25 the home gateway is described. Fundamentally, a gate- 
way provides protocol conversion processing, which en- 
ables data communication via communication network 
having a different protocol. The home gateway 10 In the 
system according to the present invention includes an 
30 authentication engine that performs authentication 
processing for an access from outside via the home 
gateway, for example, an access through Internet or the 
like. 

[0051] FIG. 7 shows a processing sequence when a 

35 terminal in the private communication network is ac- 
cessed from outside via the public network. In FIG. 7, a 
temninal that tries an access from outside via the public 
network is shown as an out-of-home PC. A temiinal in 
the private communication network is shown as an Intra- 

40 home PC. In the example of FIG. 1, for example, the 
out-of-home PCs are the in-house personal computer 
16 and 17 connected via the Internet and office LAN, 
and the intra-home PC is the personal computer 11 . 
[0052] . FIG. 7 shows an example of processing In 

45 which the out-of-home PC acquires data from the intra- 
home PC (data download). The following describes the 
example according to the sequence. First, the out-of- 
home PC requests an active terminal list from the home 
gateway. The active terminal list is data that lists acces- 

50 sible temriinals connected to the private communication 
network to which the home gateway is connected. The 
active temninal list is listed in the following manner: de- 
vice unique information of a connected terminal is trans- 
mitted as device unique information from each active 

55 temninal to the home gateway; and the home gateway 
extracts and lists tenninals having the corresponding 
unique value from registered device data. Generation 
processing of this active temninal list is detailed in Jap- 
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anese Patent Application No. Hei 11-55625, which is a 
patent application applied for by the same applicant as 
that of the present invention. Therefore, the same meth- 
od can be adopted. 

[0053] The home gateway, which has received the re- 
quest for the active list, transmits an authentication re- 
quest to the out-of-home PC that issued the access re- 
quest. The authentication processing is processing for 
checking whether or not a user issuing the access re- 
quest is the authorized user who has been already reg- 
istered in the home gateway. The out-of-home PC, 
which has received the authentication request, trans- 
mits an authentication response as a response to the 
request. As an authentication method, there is a method 
that requires password entry, or the following method: a 
PC reads a unique value on a card that records the 
unique value, such as an IC card, when the card is In- 
serted in the PC or brought near to the PC; and then the 
unique value is transmitted to the home gateway. The 
home gateway performs matching processing to check 
whether the transmitted password or the unique value 
of IC card matches data in a registered user table stored 
in memory of the home gateway. When matched data Is 
found, the access request is authenticated indicating 
that it is an access request perfomned by the authorized 
user having access right. If the authentication is failed, 
subsequent processing is not performed, and as a result 
the access request is rejected. 

[0054] When the authentication completed success- 
fully, the home gateway retrieves active tennlnals con- 
nected to the private communication network. In other 
words, the home gateway retrieves accessible temiinals 
of which power are turned on. As described above, this 
processing Is performed in the following manner: device 
unique Infomriation are received as device unique Infor- 
mation from connected tenninals of which power are 
turned on; and terminals having the con-esponding 
unique value are extracted and listed from registered 
device data. The home gateway transmits the generat- 
ed list, that is to say. the active terminal list to the out- 
of-home PC that issued the access request. The 
processing covering from the authentication processing 
to returning this active list is applicable because 
processing of normal HTTP 1.0 or more can pass 
through an in-house firewall. 

[0055] On the out-of-home PC, which has received 
the active list, the list is viewed on a browser for example 
to specify an access directory of an access destination 
temriinal, and then an data acquisition request is trans- 
mitted to the access destination terminal. The intra- 
home PC, which has received the data acquisition re- 
quest via the home gateway, transmits the correspond- 
ing data to the out-of-home PC. As a result, the out-of- 
home PC can receive the data. 

[0056] By the way, the above example is described as 
a conf iguration in which overall access right to terminals 
connected to the home, gateway is registered in the 
home gateway. However, the access right registration 



table can be configured to set accessible user^tpr each 
individual terminal connected to the private cfgimuni- 
catlon network or for each individual directory in one ter- 
minal. This enables us to set a range of accessible data 
5 for each user who accesses from outside In more detail. 
[0057] For example, it is possible to have the following 
configuration, and the like: user A is allowed to access 
all tennlnals (from 1 to N) connected to the home gate- 
way; and user B is allowed to access only directory aaa 
10 of temninal 1 . 

[0058] In addition, it is possible to manage unauthor- 
ized access status by having a configuration in which 
access request log information of users that are not reg- 
istered in the home gateway is stored in the home gate- 
is way and the log infonnation is transmitted automatically 
periodically to an administrator of the home gateway 
The sequence of this processing is shown in FIG. 8. In 
this case, the home gateway is configured to transmit 
log data of access requests, which failed in authentica- 
te tion, automatically to the administrator as a message or 
a mail. Moreover, if an authority of a request for process- 
ing is higher than the authority that is given to the user, 
a log including such status is generated and transmitted 
to the administrator as a message or a mall. A data 
25 processing engine of the home gateway perfomns the 
processing described above, in this connection, data 
transmission to the administrator may be perfomned 
judging from a condition of log accumulation or at the 
interval of a predetemnined period. 

30 

[Data upload from an outside tenninal via the home 
gateway] 

[0059] Next, data input processing to a tenninal in the 

35 private communfcatlon network connected to the home 
gateway, in other words, processing when data Is trans- 
mitted from an outside PC to a tenninal in the private 
communication network is described. 
[0060] Generally speaking, In a configuration In which 

40 many communication terminals are installed in one or- 
ganization such as a company, a firewall is placed to 
limit free connections from outside for security protec- 
tion. For example, as shown in FIG. 9, WWW server 901 
In an organization such as a company is placed outside 

45 firewall 18, and two or more temnlnais as in-house re- 
sources are placed Inside the firewall 1 8. WEB connec- 
tion from outside through Internet, and the like, generally 
enables a mail to be transmitted or received by allowing 
access to the WWW server 901 placed outside the fire- 

50 wall 1 8. WWW access from an In-house tenninal to out- 
side is enabled by passing through a proxy server that 
is a partial function of the firewall. In addition, WWW and 
functions other than mail can also be realized by using 
SOCKS server. General firewall configuration prohibits 

55 all of applications other than those described above. As 
regards such configuration, FIG. 1 0 shows a processing 
sequence of transferring data to an intra-home terminal 
(PC) connected to the private communication network 
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including the home gateway. 

[0061] In the processing sequence of FIG. 10. the fol- 
lowing processing are the same as those described in 
FIG. 7: a request for an active temninal list from an out- 
of-home PC; an authentication request from the home 
gateway; an authentication response from the out-of- 
home PC; generation of the active terminal list by the 
home gateway; processing of active temninal list re- 
sponse from the home gateway to the out-of-home PC. 
In data upload processing shown in FIG. 10, in the next 
place, a data transmission request, which specifies a 
terminal selected from the active terminal list in the out- 
of-home PC, Is transmitted to the intra-home PC as the 
selected temninal via the home gateway. From the intra- 
home PC that has received the transmission request, a 
response that approves the data reception is transmit- 
ted to the out-of-home PC. As a manner of data upload 
from the out-of-home PC, as shown In the figure, upload 
data is iransrnltled by a mail using the response as a 
key, or there is a method by which It is realized as JAVA 
J applet using HTTP 

* [0062] As processing of ensuring security of transmit- 

ting data, for example, the following processing is pos- 
sible: when a response Is transmitted from the intra- 
home PC, a key for encrypting transmission data is in- 
cluded; and then the out-of-home PC encrypts transmis- 
sion data using this key before transmitting the data. For 
example, the intra-home PC transmits a public key or a 
public key certificate to the out-of-home PC, and the out- 
of-home PC encrypts transmission data using the re- 
ceived public key and transmits it to the intra-home PC. 
The intra-home PC. which has received the encrypted 
data, can decrypt the encrypted data using a secret key 
that is paired with its own public key. A method of en- 
cryption processing is not limited to the public key meth- 
od. It is possible to have a configuration In which encryp- 
tion processing by means of symmetric key is per- 
formed. 

[0063] In this connection, safer data upload can be 
perfomned by the following configuration: before trans- 
) mitting and receiving data between the out-of-home PC 

and the intra-home PC that perfomi data transmission 
and reception, mutual authentication processing by 
means of public key cryptography or symmetric key 
cryptography Is performed; only when the authentica- 
tion completes successfully, data transmission from the 
out-of-home PC Is allowed. 

[User communication-destination retrieving- 
processing] 

[0064] Next, user communication-destination retriev- 
ing-processing in the system according to the present 
invention is described. This function provides a reliable 
access for various communication terminals such as a 
PC, and a mobile telephone by the following process: 
registered user's routing address information including 
the user's (that is. registered user) temninal. mail ad- 



dress, and telephone number is registered in the home 
gateway; and when another user (retrieving user) con- 
tacts to the registered user, a communication-destina- 
tion of the registered user registered in the home gate- 

5 way, that is to say, the routing address is extracted. 
[0065] FIG, 11 Is a diagram illustrating an outline of 
this configuration. There are users A and B as users who 
use the personal computer 11 connected to the home 
gateway 10. Each of the users has a mail address and 

to can use two or more communication temiinals such as 
a mobile telephone, other than the PC. 
[0066] As actually available active-terminal informa- 
tion, the users A and B register model information of a 
terminal (such as PC) and routing information (such as 

»5 a mail address), for each user, in the home gateway 10. 
A method for registering the information Is similar to that 
of generating active terminal list described above: de- 
vice unique information from a tenninal connected to the 
home gateway - and from a communication terminal as 

20 a non-connected terminal including a mobile telephone 
and PHS for example - is transmitted to the home gate- 
way as device identification information; and the home 
gateway extracts the communication tenninal having 
the corresponding unique value from the registered de- 

25 vice data to make a table. Generation processing of this 
table is described in Japanese Patent Application No. 
Hei 11-55625, which is a patent application applied for 
by the same applicant as that of the present invention. 
Therefore, the same method can be adopted. 

30 [0067] When another user (retrieving user) tries to 
contact to the user registered in the home gateway 10 
(registered user), the retrieving user can obtain a com- 
munication-destination of the retrieving user by access- 
ing the home gateway 1 0 to obtain the registered Infor- 

35 mation of the user condition table. HTTP is used as pro- 
tocol when accessing the home gateway 1 0. A configu- 
ration that uses HTTP browser enables the registered 
user to display table information of the home gateway 
in the browser to view communication-destinations of 

40 the registered users. In addition, it is recommended to 
have a configuration that is adapted to WAP (Wireless 
Access Protocol) and i-Mode (Compact-HTML) to ena- 
ble acquisition of the home gateway table Information 
from a mobile telephone. FIG. 12 shows a processing 

45 sequence of the user retrieving processing. 

[0068] The following describes the processing se- 
quence of FIG. 12. To begin with, a registering user reg- 
isters utilized terminal information in the home gateway. 
For example, the infonnation includes model Informa- 

50 tlon of a temninal (such as PC) and routing information 
(such as a mail address, a telephone number), for each 
user. Upon receipt of such Information, the home gate- 
way registers the infomnation in the user condition table 
explained using FIG. 11. The information is registered 

55 as infomnation of terminals that are active, in other 
words, capable of communicating. After registration, the 
home gateway transmits a response, which indicates 
the registration completed, to the registration request 
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user. 

[0069] Next, the retrieving user who requests commu- 
nication with the registered user accesses the home 
gateway, and requests it to retrieve an access destina- 
tion for accessing the registered user. In this case, the 
home gateway obtains meta-informatlon to confirm a 
terminal ID and a user ID of the user who issues the 
retrieval request. As regards obtaining the meta-lnfor- 
mation, user-agent is available when HTTP is used for 
example. It is also possible to have a configuration in 
which the utilized temiinal information of the retrieving 
user is identified by applying CC/PP that is proposed as 
a structure for describing user or device function using 
RDF (Resource Description Framework). Or it may be 
configured to identify the utilized terminal information 
using a cookie of HTTP. Using P3P enables user iden- 
tification based on a browser installed In the temrilnal. In 
such a manner, the retrieving user or terminal Is identi- 
fied, and then the home gateway provides, according to 
the temninal used, the retrieving user with the commu- 
nication-destination information of the registered user, 
that is, stored data in the user condition table. 
[0070] By the way, as shown in FIG. 1 2 in dotted lines, 
it is possible to have a configuration in which the home 
gateway provides only specific users with the access 
destination infomiation for accessing the registered us- 
er by issuing an authentication request to the retrieving 
user. This authentication processing can be executed 
as the following processing for example: identification 
values of retrieving users to which notification of com- 
munication destination is allowed by a registered user 
are registered in the home gateway; the retrieving user 
who issued the retrieval request is requested the iden- 
tification value, which is matched with the registered da- 
ta. In this case, a range of access right can be set for 
each request temninal or each retrieving user, which is- 
sued the access request. For example, if access is a 
mail to PC. the access is allowed; but access to a mobile 
telephone is not allowed. 

[0071] Moreover, if the home gateway holds a log of 

access requests from retrieving users having no access 
right as an access history and transmits the log to the 
registered user, the registered user can know the ac- 
cess situation. 

[0072] The following specifically describes an exam- 
pie of the processing. For example, when user A having 
a mobile telephone contacts to user B. the user A can 
access the home gateway using the mobile telephone 
to obtain access destination information regarding the 
user B that is registered In the user condition table of 
the home gateway. As a result of a response received 
from the home gateway, the user A can telephone or 
send a mail by one click operation according to the in- 
formation received from the home gateway making the 
most of tags used in WAP (Wireless Access Protocol) 
and i-Mode (Compact-HTML). In this connection, the 
home gateway is configured to have functions of IP ad- 
dress and PPP server to enable accesses from various 
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terminals. <S5 
[0073] Up to this point, the present inventioi3s3|/vas de- 
tailed with reference to the specific embodiments. How- 
ever, it is apparent that persons skilled in the relevant 

5 art(s) can modify and replace the embodiments within 
a range of main points of the present invention. In other 
words, because the embodiments of the present inven- 
tion are illustrated as examples, they should not be in- 
terrupted in a limited manner. To judge the main points 

10 of the present invention, claims described at the outset 
should be taken into account. 

[0074] As described above, regarding the communi- 
cation network system, the gateway, the data commu- 
nication method, and the program providing medium ac- 

15 cording to the present invention, data communication 
having advanced functionality is enabled by adding 
functions of routing infonnation providing processing 
and authentication processing to a gateway. This con- 
figuration can prevent unauthorized data writing and 

20 reading when a terminal in a local (private) communica- 
tion network connected to a gateway is accessed from 
a public communication network such as Internet. More- 
over, a configuration that provides an active temninal list 
and a user condition table enables a person, who issues 

25 an access request, to retrieve a desired access desti- 
nation easily. 

Claims 

30 

1 . in a communication network system, in which com- 
munication between two communication networks 
is made possible by involving a gateway for per- 
forming communication protocol conversion be- 

35 . tween said two communication networks communi- 
cating according to different protocols, 

the gateway has data accumulation means for 
accumulating either program data executed at a ter- 
minal connected to one of the two communication 

40 networks or data processed by the program data. 

2. A communication network system according to 
claim 1 , wherein said data accumulation means ac- 
cumulate backup data of data stored in local storing 

45 means which Is Included in a tenmlnal connected to 
one of the communication networks, automatically 
or in a manner specified by a user. 

3. A communication network system according to 
50 claim 1 , wherein if data to be stored in the accumu- 
lation means is data that requires a license such as 
program data, a license table, which associates an 
identification value of a terminal as an accumulation 
executer and a license identification value with the 

55 accumulated data, is kept when accumulating the 
data; and 

if a terminal connected to one of the commu- 
nication networks perfomris a request for acquiring 
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data that requires a license and that is stored in the 
accumulation means, the gateway requests the ter- 
minal to transmit license data and a terminal unique 
value, retrieves the received license data and the 
received terminal unique value in the license table, 
' judges whether or not the temiinal is licensed, and 
then allows or rejects download of the required data 
according to the judgment. 

4. A communication network system according to 
claim 1, wherein one of the two communication net- 
works communicating according to different proto- 
cols is a public communication network that enables 
an indefinite number of users to communicate, and 
the other is a private communication network that 
enables only terminals within a specific communi- 
cation area to communicate; 

said data accumulation means has data ac- 
cumulation means for accumulating either program 
data executed at a terminal connected to the private 
, communication network or data processed by the 

program data. 

5. A communication network system according to 
claim 1 , wherein the gateway has a registration ta- 
ble for registering a user identification value or a de- 
vice identification value in the data accumulation 
means; and 

if the gateway receives an access request for 
accessing the data accumulation means, the gate- 
way requests an access request user to transmit a 
user identification value or a device identification 
value, retrieves the received user identification val- 
ue or the received device identification value in the 
registration table, judges whether or not the access 
request user has an access right, and then allows 
or rejects the access request according to the judg- 
ment. 

6. A gateway, wherein communication protocol con- 
) version between two communication networks 

communicating according to different protocols is 
perfomned, 

the gateway has data accumulation means for 
accumulating either program data executed at a ter- 
minal connected to one of the two communication 
networks or data processed by the program data. 

7. A gateway according to claim 6, wherein said data 
accumulation means accumulate backup data of 
data stored in local storing means, which is included 
in a terminal connected to one of the communica- 
tion networks, automatically or In a manner speci- 
fied by a user. 

8. A gateway according to claim 6, wherein if data to 
be stored in the accumulation means is data that 
requires a license such as program data, a license 



table, which associates an identification value of a 
terminal as an accumulation executer and a license 
identification value with the accumulated data, is 
kept when accumulating the data; and 

5 if a terminal connected to one of the commu- 

nication networks performs a request for acquiring 
data that requires a license and that is stored in the 
accumulation means, the gateway requests the ter- 
minal to transmit license data and a temriinal unique 

10 value, retrieves the received license data and the 
received terminal unique value in the license table, 
judges whether or not the terminal is licensed, and 
then allows or rejects download of the required data 
according to the judgment. 

15 

9. A gateway according to claim 6, wherein one of the 
two communication networks communicating ac- 
cording to different protocols Is a public communi- 
cation network that enables an indefinite number of 
20 users to communicate, and the other is a private 
communication network that enables only terminals 
within a specific communication area to communi- 
cate; 

said data accumulation means has data ac- 
25 cumulation means for accumulating either program 
data executed at a temninal connected to the private 
communication network or data processed by the 
program data. 

30 10. A gateway according to claim 6, wherein the gate- 
way has a registration table for registering a user 
identification value or a device Identification value 
In the data accumulation means; and 

if the gateway receives an access request for 

35 accessing the data accumulation means, the gate- 
way requests an access request user to transmit a 
user identification value or a device identification 
value, retrieves the received user identification val- 
ue or the received device identification value in the 

40 registration table, judges whether or not the access 
request user has an access right, and then allows 
or rejects the access request according to the judg- 
ment. 

45 11. A data processing method In the communication 
network system, wherein communication between 
two communication networks is made possible by 
involving a gateway for performing communication 
protocol conversion between said two communica- 

so tion networks communicating according to different 
protocols, 

the following processing is executed: either 
program data executed at a terminal connected to 
one of the two communication networks orprocess- 
55 ing data based on the program data is accumulated 
in data accumulation means which is included in the 
gateway, automatically or in a manner specified by 
a user. 
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12. A data processing method according to claim 11, 
wherein backup data of data stored in local storing 
means included In a terminal connected to one of 
the communication networks is accumulated in data 
accumulation means included in the gateway. 

13. A data processing method according to claim 11, 
wherein if data to be stored in the accumulation 
means Is data that requires a license such as pro- 
gram data, said gateway generates a license table, 
which associates an identification value of a termi- 
nal as an accumulation executer and a license iden- 

. tificatlon value with the accumulated data, when ac- 
cumulating the data; and 

if a temriinal connected to one of the commu- 
nication networks performs a request for acquiring 
data that requires a license and that is stored in the 
accumulation means, the gateway requests the ter- 
minal to transmit license data and a terminal unique 
value, retrieves the receive'd license data and the 
received terminal unique value in the license table, 
judges whether or not the terminal is licensed, and 
then allows or rejects download of the required data 
according to the judgment. 

14. A data processing method according to claim 11, 
wherein one of the two communication networks 
communicating according to different protocols Is a 
public communication network that enables an in- 
definite number of users to communicate, and the 
other is a private communication network that ena- 
bles only terminals within a specific communication 
area to communicate; 

said data accumulation means accumulates 
either program data executed at a terminal connect- 
ed to the private communication network or data 
processed by the program data. 

15. A data processing method according to claim 11, 
wherein the gateway generates and stores a regis- 
tration table for registering a user identification val- 
ue or a device identification value In the data accu- 
mulation means; and 

If the gateway receives an access request for 
accessing the data accumulation means, the gate- 
way requests an access request user to transmit a 
user identification value or a device identification 
value, retrieves the received user identification val- 
ue or the received device identification value in the 
registration table, Judges whether or not the access 
request user has an access right, and then allows 
or rejects the access request according to the judg- 
ment. 

16. Program providing medium, wherein the medium 
provides a computer program for executing, on a 
computer system, data processing in a communi- 
cation network that enables communication be- 



tween two communication networks by Ir^lving a 
gateway for perfonning communlcatlon^^rotocol 
conversion between said two communication net- 
works communicating according to different proto- 
5 cols, 

the computenprogram has a processing step 
to store either program data executed at a terminal 
connected to one of the two communication net- 
works or processing data based on the program da- 
10 ta In data accumulation means which is Included In 
the gateway, automatically or in a manner specified 
by a user. 

17. In a communication network system, in which com- 
15 munication between two communication networks 

is made possible by involving a gateway for per- 
forming communication protocol conversion be- 
tween said two communication networks communi- 
cating according to different protocols; 

20 

the improvement wherein the gateway receives 
a request to access a terminal or a registered 
user in a local communication network connect- 
ed to the gateway from an outside communica- 

25 tion network; and 

the gateway selects accessible terminals from 
terminals or registered user terminals in the lo- 
cal communication network connected to the 
gateway, generates an active temninal list and 

30 then transmits the active temninal list to a re- 

quest temninal that has performed the access 
request. 

18. A communication network system according to 
35 claim 17, wherein the gateway generates a user 

condition table as said active temninal list which reg- 
isters routing Information that enables communica- 
tion with registered users; and the gateway pro- 
vides said request terminal with the registered us- 
40 ens' routing infomnation in the user condition table. 

19. A communication network system according to 
claim 17, wherein the gateway receives device 
unique infomnation as specific information from a 

45 terminal In the local communication network con- 
nected to the gateway and from an unconnected 
terminal Including mobile telephones; and 

the gateway extracts terminals having appro- 
priate unique inf onnation from registered device da- 

50 ta in a home gateway, and makes a table of routing 
Information of the extracted tenninals to generate 
the active terminal list. 

20. A communication network system according to 
55 claim 17, wherein the gateway provides only spe- 
cific users with accessible temriinal information by 
perfomiing authentication processing for the re- 
quest temiinai or the request user that issued the 
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access request. 

21. A communication network system according to 
claim 17, wherein the gateway has setting informa- 
tion specifying a range of access right for eacfi re- 5 
quest terminal or each request user that issued the 
access request; and based on terminal or user In- 
formation obtained by the authentication process- 
ing for the request terminal or the request user, the 
gateway provides access destination information io 
with restriction according to the setting infomiation. 

22. A communication network system according to 
claim 17, wherein the gateway keeps a log of ac- 
cess requests from retrieving users having no ac- 15 
cess right as an access history and transmits the 
access history to registered users. 

23. In a gateway, in which communication protocol con- 
version between two communication networks 20 

I communicating according to different protocols is 

performed; 

the improvement wherein the gateway receives 
a request to access a terminal or a registered 25 
user in a local communication network connect- 
ed to the gateway from an outside communica- 
tion network; and 

the gateway selects accessible terminals from 
temninals or registered user temninals in the Io- 30 
cal communication network connected to the 
gateway, generates an active terminal list, and 
then transmits the active terminal list to a re- 
quest terminal that has perfonned the access 
request. 

24. A gateway according to claim 23, wherein the gate- 
way generates a user condition table as said active 
tenminal list which registers routing information that 
enables communication with registered users; and 40 

) the gateway provides said request terminal with the 

registered users* routing information in the user 
condition table. 

25. A gateway according to claim 23, wherein the gate- 45 
way receives device unique information as specific 
information from a terminals in the local communi- 
cation network connected to the gateway, and from 

an unconnected terminal including mobile tele- 
phones; and 

the gateway extracts terminals having appro- 
priate unique information from registered device da- 
ta in a home gateway, and makes a table of routing 
information of the extracted terminals to generate 
the active terminal list. 

26. A gateway according to claim 23, wherein the gate- 
way provides only specific users with accessible 



terminal information by performing authentication 
processing for the request terminal or the request 
user that issued the access request. 

27. A gateway according to claim 23, wherein the gate- 
way has setting information specifying a range of 
access right for each request terminal or each re- 
quest user that Issued the access request; and 
based on terminal or user information obtained by 
the authentication processing for the request termi- 
nal or the request user, the gateway provides ac- 
cess destination information with restriction accord- 
ing to the setting information. 

28. A gateway according to claim 23, wherein the gate- 
way keeps a log of access requests from retrieving 
users having no access right as an access history 
and transmits the access history to registered us- 
ers. 

29. In a data communication method in a communica- 
tion network system, in which communication be- 
tween two communication networks is made possi- 
ble by involving a gateway for performing commu- 
nication protocol conversion between said two com- 
munication networks communicating according to 
different protocols; 

the improvement corhprising: 

a request receiving step for receiving a request 
to access a terminal or a registered user in a 
local communication network connected to the 
gateway from an outside communication net- 
work; 

a list generation step for selecting accessible 
terminals from terminals or registered user ter- 
minals in the local communication network con- 
nected to the gateway to generate an active ter- 
minal list; and 

a list transmission step for transmitting the ac- 
tive terminal list to a request terminal that has 
performed the access request. 

30. A data communication method according to claim 
29, wherein said list generation step Is a step for 
generating a user condition table which registers 
routing information that enables communication 
with registered users; and 

said list transmission step is a step for trans- 
mitting the registered users' routing information in 
the user condition table to said request terminal. 

31. A data communication method according to claim 
29, wherein said list generation step receives de- 
vice unique information as specific information from 
a terminal in the local communication network con- 
nected to the gateway and from an unconnected 
temninal including mobile telephones; and 
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CO 



the list generation step extracts terminals hav- 
ing appropriate unique infomriation fronn registered 
device data in a honne gateway, and generates rout- 
ing infonnation of the extracted tenninals by listing 
them. 

32. A data communication method accorcfing to claim 
29, wherein said gateway performs authentication 
processing for the request terminal or the request 
user that issued the access request and provides 
accessible terminal infomiation for only specific us- 
ers authenticated successfully by the authentica- 
tion processing. 

33. A data communication method according to claim 
29, wherein the gateway generates setting infomria- 
tion specifying a range of access right for each re- 
quest terminal or each request user that issued the 
access request; and based on terminal or user in- 
formation obtained by the authentication process- 
ing for the request temninal or the request user, the 
gateway provides access destination information 
with restriction according to the setting infonnation. 

34. A data communication method according to claim 
29, wherein a log of access requests from request 
terminals or request users that have no access right 
is kept as an access history, and the access history 
is transmitted to registered users. 

35. In a program providing medium, in which the medi- 
um provides a computer program for executing, on 
a computer system, data communication process- 
ing in a communication network system that ena- 
bles communication between two communication 
networks by involving a gateway for performing 
communication protocol conversion between said 
two communication networks communicating ac- 
cording to different protocols; 

the improvement wherein the computer pro- 
gram comprises a request receiving step for re- 
ceiving a request to access a terminal or a reg- 
istered user in a local communication network 
con nected to the gateway from an outside com- 
munication network; 

a list generation step for selecting accessible 
temiinals from terminals or registered user ter- 
minals in the local'communication network con- 
nected to the gateway to generate an active ter- 

minal list; and 

a list transmission step for transmitting the ac- 
tive temninal list to a request terminal that has 
performed the access request. 
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(57) This invention relates to provide a communica- 
tion network system, a gateway, and a data communi- 
cation metliod, in whicli the gateway has an advanced 
functionality. A person who issues an access request 
can retrieve a desired access destination easily by the 
following configuration: functions of routing infomnation 
providing and authentication processing are added to a 
gateway that performs protocol conversion between two 
different communication networks; when an access re- 
quest is issued from a public communication network 



such as Internet to a terminal in a local (private) com- 
munication network connected to the gateway, a re- 
quest terminal is authenticated to enable prevention of 
unauthorized data writing and reading; and an access 
request user who succeeded in the authentication is 
provided with an active terminal list comprising acces- 
sible terminal information, or with a user condition table. 
The gateway comprises a private network physical in- 
terface (1 01 ), a public network physical interface (1 03), 
a CPU (1 02), a memory (1 04) and accumulation means 
(105). 
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